[Reprint] IPSec Introduction

https://blog.csdn.net/NEUChords/article/details/92968314

 

1.IPSEC protocol suite security framework
a.IPSec overview
IPSec (Internet Protocol Security) is a suite of network-layer protocols that applies cryptography to secure communication. IPSec does not refer to one specific protocol; it is an open protocol suite.
IPSec design goal: to provide flexible security services for network-layer traffic in IPv4 and IPv6 environments.
IPSec VPN: a virtual private network built at the IP layer on the IPSec protocol suite. By inserting a predefined header into the packet, it protects the data of the upper OSI layers. It is mainly used to protect TCP, UDP, ICMP and tunnelled IP packets.

b.IPSec protocol suite

The IPSec VPN architecture consists mainly of the AH, ESP and IKE protocols.
IPSec uses ESP to protect the confidentiality of IP data in transit, and uses AH/ESP to provide data integrity, data origin authentication and anti-replay.
ESP and AH define the protocol and payload header formats and the services provided, but they do not define the specific transforms needed to deliver those services. A transform covers the data conversion method, such as the algorithm and the key length.
To simplify the use and management of IPSec, IKE can be used to negotiate keys automatically and to establish and maintain security associations. In detail:
1.AH protocol: AH is the Authentication Header protocol. It mainly provides data origin authentication, data integrity and anti-replay. However, AH does not encrypt the packets it protects.
2.ESP protocol: ESP is the Encapsulating Security Payload protocol. In addition to offering all the features of AH (its data integrity check, however, does not cover the IP header), it can also encrypt IP packets.
3.IKE protocol: IKE is used to negotiate automatically the cryptographic algorithms used by AH and ESP.
IKE defines how security parameters are negotiated and how a shared key is established, but it does not define what is negotiated. That is defined by the "Domain of Interpretation (DOI)" document.
IPSec protocol suite:

1.IPSec defines two communication protection mechanisms:
Encapsulating Security Payload (ESP): provides confidentiality and integrity protection for communication;
Authentication Header (AH): provides integrity protection for communication.
Both the ESP and the AH mechanism can protect communication against replay attacks (anti-replay).
2.IPSec can be configured to run in two modes: tunnel mode and transport mode.
3.IPSec uses the IKE protocol to negotiate security parameters automatically. The security parameters negotiated by IKE include the encryption and authentication algorithms, the encryption and authentication keys, the protection mode (transport or tunnel mode) and the key lifetime. IKE refers to the set of these parameters as a security association (SA), and is also responsible for refreshing these security parameters.
4.Two databases: the Security Policy Database (SPD) and the Security Association Database (SAD).
5.The DOI binds all the IPSec documents together. It can be regarded as the master database of all IPSec security parameters.

2.IPSEC operating mode
a. Transport mode
In transport mode, the IPSec processing module inserts an IPSec header between the IP header and the upper-layer protocol header.
The IP header is the same as that of the original IP packet, except that the protocol field is changed to the IPSec protocol number (50 or 51) and the IP header checksum is recalculated. Transport mode protects the packet payload, that is, the upper-layer protocol. IPSec does not modify the source or destination IP address in the IP header, so the original IP addresses remain in plaintext.
Transport mode provides security services only for upper-layer protocols.
Main application scenario: commonly used to protect end-to-end communication between two hosts.
Encapsulation: the original IP header is left unchanged, the IPSec header is inserted after it, and the original data is encapsulated as the protected data.


b. Tunnel mode
Unlike transport mode, in tunnel mode the original IP packet is encapsulated in a new IP packet, and an IPSec header is inserted between the outer header and the inner header. The original IP addresses are treated as part of the payload and are protected by IPSec.
With data encryption, the IP addresses of the original packet can also be hidden, which further helps protect the security of end-to-end communication.
Encapsulation: a new (external network) IP header is added, followed by the IPSec header, followed by the entire original packet.

Main application scenario: commonly used to build a secure VPN tunnel across a public network between two private networks.


3.IPSEC communication protocol
a.AH protocol
AH is assigned protocol number 51. That is, in an IPv4 packet protected by AH, the protocol field of the IP header is 51, indicating that the IP header is followed by an AH header. The AH header is much simpler than the ESP header because AH does not provide confidentiality. Since there is no padding and no pad-length indicator, there is no trailer field. An initialization vector is not needed either.
Security services offered by AH:
1. Connectionless data integrity: guaranteed by a check value generated with a hash function.
2. Data origin authentication: achieved by including a shared key in the computation of the authentication code.
3. Anti-replay service: the sequence number in the AH header prevents replay attacks.
AH does not provide any confidentiality service: it does not encrypt the packet.
In both transport mode and tunnel mode, AH protects the entire IP packet (except for mutable fields, such as the TTL and TOS fields of the IP header).
AH header:

AH encapsulation in transport mode:

AH encapsulation in tunnel mode:


b.ESP protocol
ESP is likewise treated as an IP protocol. It is identified by protocol number 50 in the IP header immediately preceding the ESP header: the protocol field of that IP header is 50, indicating that an ESP header follows. ESP has not only an ESP header but also an ESP trailer that contains useful information.
In tunnel mode, ESP protects the entire IP packet: the whole original IP packet is placed in the new packet as the ESP payload, and a tunnel IP header is built from system parameters such as the start and end points of the tunnel and used as the new IP header of the packet. The ESP header sits between the tunnel IP header and the original IP packet, and the ESP trailer is appended at the end.
ESP provides encryption: the original IP packet and the ESP trailer appear as ciphertext.
During authentication, ESP verifies only the ESP header, the IP header of the original packet and the data of the original packet. Only the entire original packet is encrypted; the authentication data is not encrypted.
Security services provided by ESP:
1. Connectionless data integrity.
2. Data origin authentication.
3. Anti-replay service.
4. Data confidentiality.
5. Limited traffic flow protection.
The confidentiality service is achieved by encrypting the relevant part of the IP packet with a cryptographic algorithm.
Traffic flow confidentiality is provided by the confidentiality service in tunnel mode.
ESP commonly uses encryption algorithms such as DES, 3DES and AES for data encryption, and MD5 or SHA1 authentication for data integrity.
ESP header:

ESP encapsulation in transport mode:



c.Comparison of AH and ESP

In tunnel mode ESP does not authenticate the outer IP header, so ESP in tunnel mode can operate in a NAT environment.
ESP in transport mode verifies the outer IP header, so verification fails in a NAT environment.
Because AH provides data origin authentication (once the source IP address is changed, AH validation fails), it cannot pass through NAT.
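
The AH behaviour described above can be reproduced in code. This is an added example, not part of the original article: it builds an AH transport-mode packet, then shows that a TTL change leaves the integrity check valid while a NAT source-address rewrite breaks it. HMAC-SHA1-96 as the authentication algorithm, the key, the addresses and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51   # IP protocol number of AH (from the text above)
ICV_LEN = 12    # assumption: HMAC-SHA1 truncated to 96 bits

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header; checksum left at 0 (it is mutable anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def immutable_view(ip_hdr):
    """IP header as AH sees it: fields that routers may change are zeroed."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # TOS
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)

def ah_header(next_header, spi, seq, icv=bytes(ICV_LEN)):
    """Next Header, Payload Len (32-bit words minus 2), Reserved, SPI, Seq, ICV."""
    payload_len = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, payload_len, 0, spi, seq) + icv

def compute_icv(key, ip_hdr, next_header, spi, seq, upper):
    # The ICV field itself is zero while the ICV is being computed.
    data = immutable_view(ip_hdr) + ah_header(next_header, spi, seq) + upper
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def ah_protect(packet, key, spi, seq):
    """Transport mode: keep the IP header, insert AH before the upper layer."""
    hdr, upper = bytearray(packet[:20]), packet[20:]
    next_header = hdr[9]
    hdr[9] = AH_PROTO                                   # protocol field -> 51
    struct.pack_into("!H", hdr, 2, 20 + 12 + ICV_LEN + len(upper))
    icv = compute_icv(key, bytes(hdr), next_header, spi, seq, upper)
    return bytes(hdr) + ah_header(next_header, spi, seq, icv) + upper

def ah_verify(packet, key):
    hdr, ah, upper = packet[:20], packet[20:44], packet[44:]
    next_header, _, _, spi, seq = struct.unpack("!BBHII", ah[:12])
    return hmac.compare_digest(compute_icv(key, hdr, next_header, spi, seq, upper), ah[12:])

def router_hop(packet):
    """An ordinary router decrements TTL (a mutable field)."""
    p = bytearray(packet)
    p[8] -= 1
    return bytes(p)

def nat_rewrite(packet, new_src):
    """A NAT device replaces the source address (an immutable field)."""
    p = bytearray(packet)
    p[12:16] = socket.inet_aton(new_src)
    return bytes(p)

# Constructed sample: 8 bytes standing in for a TCP segment (protocol 6).
KEY = b"constructed-demo-key"
ORIGINAL = ipv4_header("10.0.0.5", "203.0.113.10", 6, 8) + b"TCPDATA!"
PROTECTED = ah_protect(ORIGINAL, KEY, spi=0x1000, seq=1)

if __name__ == "__main__":
    print("untouched:", ah_verify(PROTECTED, KEY))
    print("after router hop:", ah_verify(router_hop(PROTECTED), KEY))
    print("after NAT:", ah_verify(nat_rewrite(PROTECTED, "198.51.100.7"), KEY))
```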

4.IPSEC establishment phase
a.IKE negotiation phase
1. Security association (SA): an agreement negotiated between two entities that communicate over IPSec. It specifies which IPSec protocol the two sides use to protect their data communication, the algorithms applied, the encryption and authentication keys, the key lifetime and other security attribute values. By using security associations, IPSec can distinguish the security services it provides for different data flows.
2.IPSec provides secure communication between two endpoints, which are called IPSec peers. IPSec lets a system, a network user or an administrator control the granularity of the security services between peers. Through SAs, IPSec can provide different levels of protection for different data flows.
3. The security association is the foundation of IPSec, and also its essence. An SA is an agreement between peers on certain elements, for example which security protocol is used, the operating mode of the protocol (transport mode or tunnel mode), the encryption algorithm (DES and 3DES), the shared key that protects a particular data flow, and the key lifetime.
4. A security association is unidirectional. Bidirectional communication between two peers needs at least two SAs, one protecting the data flow in each direction: inbound and outbound data flows are processed by the inbound SA and the outbound SA respectively. Moreover, if both AH and ESP are used to protect the data flow between peers, two SAs are needed, one for AH and the other for ESP.
5. An SA is uniquely identified by a triplet: the security parameter index (SPI), the destination IP address, and the security protocol (AH or ESP). The SPI is a 32-bit number that uniquely identifies an SA; it is carried in the IPSec header.
6. An IPSec device places the SA-related parameters in the SPD (Security Policy Database). The SPD stores information of the kind "what kind of data should be processed"; when an IPSec packet is outbound or inbound, the device first looks up the relevant information in the SPD and then processes the packet further.
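
As an added illustration (not from the original article), the code below looks up an inbound SA by the triplet described above and applies a sliding-window anti-replay check to the sequence number carried next to the SPI; the window mechanism goes beyond what the text spells out. The 64-packet window, the class and function names and the sample headers are constructed for the example.

```python
import struct
from dataclasses import dataclass

ESP, AH = 50, 51
WINDOW = 64    # assumption: replay window of 64 packets

@dataclass
class SecurityAssociation:
    spi: int
    dst: str
    proto: int
    highest: int = 0    # highest sequence number accepted so far
    bitmap: int = 0     # bit i set => sequence number (highest - i) was seen

    def accept(self, seq):
        """Record seq and return True if it is fresh, False if replayed or too old.
        A real receiver updates the window only after the ICV has verified."""
        if seq == 0:
            return False                      # senders start counting at 1
        if seq > self.highest:                # new packet: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= WINDOW or self.bitmap & (1 << offset):
            return False                      # left of the window, or duplicate
        self.bitmap |= 1 << offset            # late, but not seen before
        return True

class SAD:
    """Inbound SA database keyed by the triplet (SPI, destination IP, protocol)."""

    def __init__(self):
        self._sas = {}

    def add(self, sa):
        self._sas[(sa.spi, sa.dst, sa.proto)] = sa

    def inbound(self, dst, proto, ipsec_header):
        # ESP starts with SPI and sequence number; AH has 4 bytes before them.
        spi, seq = struct.unpack_from("!II", ipsec_header, 0 if proto == ESP else 4)
        sa = self._sas.get((spi, dst, proto))
        if sa is None:
            return "drop: no SA"
        return "accept" if sa.accept(seq) else "drop: replay"

def esp_hdr(spi, seq):
    return struct.pack("!II", spi, seq)

def run_demo():
    """Feed constructed headers through one SAD and collect the verdicts."""
    sad = SAD()
    sad.add(SecurityAssociation(spi=0x2001, dst="192.0.2.1", proto=ESP))
    ah_same_spi = struct.pack("!BBHII", 6, 4, 0, 0x2001, 1)   # AH, same SPI
    traffic = [("192.0.2.1", ESP, esp_hdr(0x2001, s)) for s in (1, 2, 2, 5, 3, 100, 30)]
    traffic += [("192.0.2.1", ESP, esp_hdr(0x9999, 1)), ("192.0.2.1", AH, ah_same_spi)]
    return [sad.inbound(*pkt) for pkt in traffic]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The last verdict shows why the protocol is part of the key: an AH packet that reuses the SPI of an ESP SA matches no SA.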

1.Background of IKE
1. Before an IP packet can be protected with IPSec, a security association (SA) must first be established.
2.An IPSec SA can be established by manual configuration. But when the network has many nodes, manual configuration becomes very difficult and it is hard to guarantee security. In that case IKE (Internet Key Exchange) can be used to establish SAs and exchange keys automatically. IKE establishes SAs dynamically and negotiates SAs on behalf of IPSec.

2.Uses of IKE
1.IKE generates the keys that AH/ESP use for encryption and authentication.
2.IKE dynamically establishes security associations (SAs) between the two IPSec communicating parties, and manages and maintains them.


3.Relationship between IKE and AH/ESP
IKE is an application-layer protocol that runs over UDP and is the signalling protocol of IPSec. IKE negotiates and generates keys for IPSec, which AH/ESP use for encryption and authentication. AH and ESP have their own protocol numbers, 51 and 50 respectively.


4.IKE work process
IKE establishes IPSec keys and security associations through a negotiation in two phases:
Phase 1 exchange: the communicating parties establish an authenticated and secured channel between each other. This phase establishes an ISAKMP security association, the ISAKMP SA (also known as the IKE SA). Phase 1 has two negotiation modes:
Main mode negotiation: under normal circumstances, IKE main mode suits a point-to-point environment between two devices whose public IP addresses are fixed.
Aggressive mode negotiation: for users such as ADSL dial-up users, the public IP address they obtain is not fixed and there may be a NAT device in the path. Aggressive mode supports NAT traversal, and since the IP address is not fixed, a name is used as the ID type. The headquarters end accepts IPSec access from branches by means of a template.
Phase 2 exchange: with the security association (IKE SA) already established, the parties negotiate the specific security associations for IPSec security services and establish the IPSec SAs, producing the actual keys used to encrypt the data flow. The IPSec SAs are used for the final secure transmission of IP data.

5.IKE Phase 1
IKE Phase 1 negotiation process:

Phase 1 IKE main mode negotiation:
First exchange (messages 1 and 2): policy negotiation.
In the first message, the initiator sends a packet containing a cookie (denoted Ci) and an SA payload (denoted SAi) to negotiate parameters. The SA payload carries the IKE SA parameters to be negotiated (a 5-tuple): the IKE hash type, such as MD5; the encryption algorithm, such as DES or 3DES; the authentication method, such as pre-shared key, digital signature or encrypted nonce; the DH group; and the SA lifetime.
The recipient checks its IKE policies for a local policy that matches the IP address of the sender and, once one is found, sends back a response message. The responder sends a cookie (denoted Cr) and an SA payload (denoted SAr, the security parameters it has chosen); if there are no parameters it can choose, the responder returns a rejection payload.
Second exchange (messages 3 and 4): Diffie-Hellman exchange.
The DH exchange is performed, and the initiator and the responder exchange pseudo-random numbers, the nonces. The nonces are needed to compute the shared secret (from which the encryption key and the authentication key are generated). The advantage of this technique is that it lets the participants create a secret value over an insecure medium.
Third exchange (messages 5 and 6): peer authentication.
Authentication is the main task of ISAKMP/IKE phase 1, and the third exchange performs authentication in a secure environment. The four packets of the first two exchanges pave the way for the authentication carried out in the fifth and sixth packets: packets 1-2 prepare the policies for authentication (for example the authentication policy, the encryption policy and the hash function), and packets 3-4 provide the key material for the security algorithms that protect packets 5-6.

1. Packets 1 and 2 negotiate the ISAKMP policies. These policies directly provide the encryption protection for the phase 2 IPSec SA policy negotiation, laying the foundation for negotiating the IPSec SA policies later in a secure environment.
2. Packets 3 and 4 use the DH algorithm to generate and transmit the key material for phase 1 authentication. From this material, both ends of the VPN produce the same key, which is the real key used for mutual authentication in phase 1.
3. Packets 5 and 6 perform mutual authentication using the authentication key generated earlier. Once mutual authentication succeeds, the secure channel for the phase 2 IPSec SA policy negotiation is opened immediately, and both VPN endpoints use the security policy negotiated in phase 1 to encrypt and authenticate the phase 2 IPSec SA policy negotiation.
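
The three exchanges can be traced in code. This added example (not from the original article) goes one step beyond the text by using the key derivation that RFC 2409 defines for pre-shared-key authentication: both sides run the DH exchange of messages 3 and 4, derive SKEYID from the two nonces, and check the hash carried in message 5. The toy DH group, HMAC-SHA1 as the PRF, the payload stand-ins and all class and function names are assumptions, and the encryption of messages 5 and 6 is left out.

```python
import hashlib
import hmac
import secrets

# Toy DH group, constructed for this example and far too small for real use:
# the Mersenne prime 2**127 - 1 with base 3.
P, G, PLEN = 2**127 - 1, 3, 16

def prf(key, data):
    """Keyed PRF; HMAC-SHA1 stands in for the negotiated hash (assumption)."""
    return hmac.new(key, data, hashlib.sha1).digest()

class Peer:
    def __init__(self, psk):
        self.psk = psk
        self.cookie = secrets.token_bytes(8)       # Ci / Cr, messages 1-2
        self.nonce = secrets.token_bytes(16)       # Ni / Nr, messages 3-4
        self._x = secrets.randbelow(P - 2) + 1     # DH private value, never sent
        self.public = pow(G, self._x, P).to_bytes(PLEN, "big")   # sent in msg 3/4

    def derive(self, peer_public, ni, nr, ci, cr):
        """Keying material per RFC 2409 for pre-shared-key authentication."""
        g_xy = pow(int.from_bytes(peer_public, "big"), self._x, P).to_bytes(PLEN, "big")
        skeyid = prf(self.psk, ni + nr)                   # needs both nonces
        d = prf(skeyid, g_xy + ci + cr + b"\x00")         # source of IPSec SA keys
        a = prf(skeyid, d + g_xy + ci + cr + b"\x01")     # authenticates IKE messages
        e = prf(skeyid, a + g_xy + ci + cr + b"\x02")     # encrypts IKE messages
        return {"SKEYID": skeyid, "SKEYID_d": d, "SKEYID_a": a, "SKEYID_e": e}

def auth_hash(skeyid, own_pub, peer_pub, own_cookie, peer_cookie, sa_body, id_body):
    """HASH_I / HASH_R sent in messages 5-6 to prove knowledge of SKEYID."""
    return prf(skeyid, own_pub + peer_pub + own_cookie + peer_cookie + sa_body + id_body)

# Constructed stand-ins for the initiator's SA payload and identity payload.
SA_I = b"hash=SHA1;enc=3DES;auth=PSK;group=toy;life=86400"
ID_I = b"initiator.example"

def phase1(psk_initiator, psk_responder):
    """Run messages 3-6 in memory; return both key sets and the auth verdict."""
    i, r = Peer(psk_initiator), Peer(psk_responder)
    ki = i.derive(r.public, i.nonce, r.nonce, i.cookie, r.cookie)
    kr = r.derive(i.public, i.nonce, r.nonce, i.cookie, r.cookie)
    hash_i = auth_hash(ki["SKEYID"], i.public, r.public, i.cookie, r.cookie, SA_I, ID_I)
    expected = auth_hash(kr["SKEYID"], i.public, r.public, i.cookie, r.cookie, SA_I, ID_I)
    return ki, kr, hmac.compare_digest(hash_i, expected)

if __name__ == "__main__":
    ki, kr, ok = phase1(b"shared-secret", b"shared-secret")
    print("same keys:", ki == kr, "peer authenticated:", ok)
    print("wrong PSK authenticated:", phase1(b"shared-secret", b"other")[2])
```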

Phase 1 IKE aggressive mode negotiation:
Aggressive mode IKE interaction:
Aggressive mode comprises the same three steps, but transmits only three packets, which are marked as Aggressive.
The three packets exchanged in aggressive mode are:
1. First packet: the initiator proposes the SA and initiates the DH exchange.
2. Second packet: the responder accepts the SA.
3. Third packet: the initiator authenticates the responder.
Aggressive mode has fewer exchanges, so each message carries more data. The first two messages are sent in plaintext and only message 3 is encrypted.

1. First message: the initiator sends the 5-tuple, its DH public value, a nonce and identity data (IDi and IDr; here this is the string configured on the device, such as a domain name or a user name, and it may also be an IP address). The responder can either accept or reject the proposal. The Diffie-Hellman public value, the required random data and the identity information are all sent in the first message.
2. Second message: if the responder accepts the proposal of the initiator, it replies with the selected 5-tuple, its DH public value, a nonce, its identity data and an "authentication hash value".
3. Third message: the initiator sends an "authentication hash value". The responder verifies the message by checking that the hash value it received equals the hash value it computed, and thereby determines whether there is a problem with the message. In effect, this message authenticates the initiator and proves that it is a participant in the exchange. This message is encrypted with keys generated from the key information exchanged in the first two messages.
Note, however, that the messages carrying identity information are not encrypted, so unlike main mode, aggressive mode does not provide identity protection.

Comparison of the two IKE phase 1 modes:


6.IKE Phase 2
IKE Phase 2 negotiation process:

Similar to the phase 1 process, the participants exchange proposals to determine which security parameters are used in the SA.
The two sides negotiate the IPSec security parameters, called the transform set, which include: encryption algorithm, hash algorithm, security protocol, encapsulation mode and lifetime.
The phase 2 proposal also includes a security protocol, either Encapsulating Security Payload (ESP) or Authentication Header (AH), and the selected encryption and authentication algorithms.

Standard IPSec Phase II:
Phase 2 uses the "Quick Mode" exchange. Quick mode has two main functions:
1. Negotiate security parameters to protect the data connection.
2. Periodically renew the key information for the data connection.
The purpose of phase 2 is to negotiate the IPSec SAs, which are created to protect the IPSec data flow. The phase 2 negotiation is protected by the phase 1 ISAKMP/IKE SA.
Quick mode establishes the IPSec SAs through three messages.
These three packets negotiate the security policy used to encrypt user data (only the authentication and encryption methods and their corresponding algorithms):
The first two messages negotiate the IPSec SA parameters and generate the keys used by IPSec; the second message also provides proof of liveness of the responder; the third message provides proof of liveness of the initiator.
After the phase 2 negotiation completes, the phase 1 policy is not used for the time being. When a new VPN connection is established or the IPSec SA encryption key times out, the phase 1 policy is used again to generate and establish a new key for encrypting and authenticating the transmitted data.

b.Data transfer phase
1.Overview
In the data transfer phase, data is transmitted using the communication protocol AH or ESP.
Data transmission is established at the network layer.

2.VPN tunnel black hole
Possible situation:
The VPN connection of the peer has already been broken while our side is still within the valid lifetime of the SA, which forms a VPN tunnel black hole.
If one end has not released the old SA when the peer restarts and connects again, it will not accept the new connection negotiation.

DPD solves the VPN tunnel black hole:
DPD (Dead Peer Detection) checks whether the ISAKMP SA of the peer still exists. When the VPN tunnel becomes abnormal, this is detected and negotiation is re-initiated to maintain the VPN tunnel.
DPD only takes effect on phase 1; if phase 1 itself has timed out and been torn down, no more DPD packets are sent.
DPD packets are not sent continuously; an idle timer mechanism is used instead. Each time an encrypted IPSec packet is received, the idle timer of the corresponding IKE SA is reset;
if no encrypted packet for that SA has been received between the start of the idle timer and its expiry, then the next time an IP packet is about to be sent or received encrypted under this SA, DPD must first be used to detect whether the other end is still alive.
DPD detection relies mainly on a timeout timer, which determines whether to send the request again. By default the request is sent five times (request -> timeout -> request -> timeout -> request -> timeout); if no response has been received, DPD deletes the SA.

There are two operating modes for checking whether the ISAKMP SA of the peer exists:
1. Periodic mode: at regular intervals a DPD packet is sent to the peer to detect whether it is still there; receiving a reply proves that it is normal. If no reply is received, a DPD packet is sent once every 2 seconds, and if seven have been sent without a reply, the local end automatically clears the corresponding ISAKMP SA and IPSec SA.
2. On-demand mode: this is the default mode. When traffic has been sent through the IPSec VPN but no return data has been received, a DPD probe packet is sent, once every 2 seconds; if seven probes receive no response, the local end clears the corresponding ISAKMP SA and IPSec SA. Note that if the IPSec channel carries only one-way UDP traffic, this mode should be used with caution, although that situation is rare.
DPD is very practical and should be enabled. Which mode to choose depends on actual needs: periodic mode detects peer problems relatively quickly but consumes more bandwidth; on-demand mode saves bandwidth, but it only probes after encrypted packets have been sent and no packets have been received in return.
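
The on-demand behaviour described above, as an added example that is not part of the original article: a state machine driven by a simulated clock that probes only when traffic is sent to a silent peer, retransmits every 2 seconds and clears the SAs after seven unanswered probes. The 30-second idle timeout, the class and function names and the scenario are assumptions.

```python
class DpdMonitor:
    """On-demand DPD for one peer; all times are seconds on a simulated clock."""

    def __init__(self, idle_timeout=30, retry_interval=2, max_probes=7):
        self.idle_timeout = idle_timeout      # assumed value, vendor specific
        self.retry_interval = retry_interval  # "once every 2 seconds"
        self.max_probes = max_probes          # seven unanswered probes
        self.last_rx = 0                      # SA established at t = 0
        self.probes = 0
        self.next_probe_at = None
        self.sa_up = True
        self.log = []

    def on_receive(self, now):
        """Any packet from the peer (data or probe reply) proves it is alive."""
        self.last_rx, self.probes, self.next_probe_at = now, 0, None

    def on_send(self, now):
        """Probe only when there is traffic to send and the peer has been silent."""
        idle = now - self.last_rx >= self.idle_timeout
        if self.sa_up and idle and self.next_probe_at is None:
            self._probe(now)

    def tick(self, now):
        """Timeout timer: retransmit the probe, or give up and delete the SAs."""
        if not self.sa_up or self.next_probe_at is None or now < self.next_probe_at:
            return
        if self.probes >= self.max_probes:
            self.sa_up, self.next_probe_at = False, None
            self.log.append((now, "delete ISAKMP SA and IPSec SA"))
        else:
            self._probe(now)

    def _probe(self, now):
        self.probes += 1
        self.next_probe_at = now + self.retry_interval
        self.log.append((now, "DPD probe %d" % self.probes))

def simulate(send_times, peer_dies_at, end, **settings):
    """Constructed scenario: a live peer answers every packet immediately."""
    dpd = DpdMonitor(**settings)
    for now in range(end + 1):
        if now in send_times and dpd.sa_up:
            dpd.on_send(now)
            if now < peer_dies_at:
                dpd.on_receive(now)       # return traffic or probe reply
        dpd.tick(now)
    return dpd

if __name__ == "__main__":
    # Peer dies at t=20; local traffic at t=10 and t=50.
    for entry in simulate({10, 50}, peer_dies_at=20, end=80).log:
        print(entry)
```

Calling `simulate(set(), peer_dies_at=20, end=80)` produces an empty log: with no outbound traffic, on-demand mode never notices the dead peer, which is the trade-off against periodic mode noted above.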
----------------
Disclaimer: This article is an original article by CSDN blogger "NEUChords" and follows the CC 4.0 BY-SA copyright agreement. When reproducing it, please attach the original source link and this statement.
Original link: https://blog.csdn.net/NEUChords/article/details/92968314

Origin www.cnblogs.com/jinanxiaolaohu/p/12213370.html